Bug 1359800 - Check allocatedDuringIncremental flag in IsMarked functions r=sfink

2017-04-27 17:33:14 +01:00 · 2017-04-27 17:33:14 +01:00 · ded4126482
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@ -3082,12 +3082,17 @@ IsMarkedInternalCommon(T* thingp)
    CheckIsMarkedThing(thingp);
    MOZ_ASSERT(!IsInsideNursery(*thingp));

-    Zone* zone = (*thingp)->asTenured().zoneFromAnyThread();
+    TenuredCell& thing = (*thingp)->asTenured();
+    Zone* zone = thing.zoneFromAnyThread();
    if (!zone->isCollectingFromAnyThread() || zone->isGCFinished())
        return true;
-    if (zone->isGCCompacting() && IsForwarded(*thingp))
+
+    if (zone->isGCCompacting() && IsForwarded(*thingp)) {
        *thingp = Forwarded(*thingp);
-    return (*thingp)->asTenured().isMarked();
+        return true;
+    }
+
+    return thing.isMarked() || thing.arena()->allocatedDuringIncremental;
 }

 template <typename T>
--- a/js/src/jit/JitcodeMap.cpp
+++ b/js/src/jit/JitcodeMap.cpp
@ -864,8 +864,7 @@ JitcodeGlobalEntry::BaseEntry::traceJitcode(JSTracer* trc)
 bool
 JitcodeGlobalEntry::BaseEntry::isJitcodeMarkedFromAnyThread(JSRuntime* rt)
 {
-    return IsMarkedUnbarriered(rt, &jitcode_) ||
-           jitcode_->arena()->allocatedDuringIncremental;
+    return IsMarkedUnbarriered(rt, &jitcode_);
 }

 bool
@ -894,8 +893,7 @@ JitcodeGlobalEntry::BaselineEntry::sweepChildren()
 bool
 JitcodeGlobalEntry::BaselineEntry::isMarkedFromAnyThread(JSRuntime* rt)
 {
-    return IsMarkedUnbarriered(rt, &script_) ||
-           script_->arena()->allocatedDuringIncremental;
+    return IsMarkedUnbarriered(rt, &script_);
 }

 template <class ShouldTraceProvider>
@ -963,11 +961,8 @@ bool
 JitcodeGlobalEntry::IonEntry::isMarkedFromAnyThread(JSRuntime* rt)
 {
    for (unsigned i = 0; i < numScripts(); i++) {
-        if (!IsMarkedUnbarriered(rt, &sizedScriptList()->pairs[i].script) &&
-            !sizedScriptList()->pairs[i].script->arena()->allocatedDuringIncremental)
-        {
+        if (!IsMarkedUnbarriered(rt, &sizedScriptList()->pairs[i].script))
            return false;
-        }
    }

    if (!optsAllTypes_)
@ -976,11 +971,8 @@ JitcodeGlobalEntry::IonEntry::isMarkedFromAnyThread(JSRuntime* rt)
    for (IonTrackedTypeWithAddendum* iter = optsAllTypes_->begin();
         iter != optsAllTypes_->end(); iter++)
    {
-        if (!TypeSet::IsTypeMarked(rt, &iter->type) &&
-            !TypeSet::IsTypeAllocatedDuringIncremental(iter->type))
-        {
+        if (!TypeSet::IsTypeMarked(rt, &iter->type))
            return false;
-        }
    }

    return true;
--- a/js/src/vm/TypeInference.cpp
+++ b/js/src/vm/TypeInference.cpp
@ -811,22 +811,6 @@ TypeSet::IsTypeMarked(JSRuntime* rt, TypeSet::Type* v)
    return rv;
 }

-/* static */ bool
-TypeSet::IsTypeAllocatedDuringIncremental(TypeSet::Type v)
-{
-    bool rv;
-    if (v.isSingletonUnchecked()) {
-        JSObject* obj = v.singletonNoBarrier();
-        rv = obj->isTenured() && obj->asTenured().arena()->allocatedDuringIncremental;
-    } else if (v.isGroupUnchecked()) {
-        ObjectGroup* group = v.groupNoBarrier();
-        rv = group->arena()->allocatedDuringIncremental;
-    } else {
-        rv = false;
-    }
-    return rv;
-}
-
 static inline bool
 IsObjectKeyAboutToBeFinalized(TypeSet::ObjectKey** keyp)
 {
--- a/js/src/vm/TypeInference.h
+++ b/js/src/vm/TypeInference.h
@ -530,7 +530,6 @@ class TypeSet
    static inline Type GetMaybeUntrackedValueType(const Value& val);

    static bool IsTypeMarked(JSRuntime* rt, Type* v);
-    static bool IsTypeAllocatedDuringIncremental(Type v);
    static bool IsTypeAboutToBeFinalized(Type* v);
 } JS_HAZ_GC_POINTER;